C - Error is "free(): invalid next size (normal) "

Greeneco picture Greeneco · Mar 6, 2015 · Viewed 30.2k times · Source

I just can not find what is causing this problem.

MYSQL *startup(unsigned char *path_to_file, int size_of_path) {
MYSQL *con;
bool path_is_file = false;
bool path_is_directory = false;
FILE *startup_file;
int i;
unsigned char buffer[LINEBUFFERSIZE];
unsigned char string[LINEBUFFERSIZE];
unsigned char c;

//Allocate memory for the new file path
unsigned char *path;
path = (unsigned char *) malloc(size_of_path);
if(path == NULL)
    error("Could not allocate memory for path to file.\nIn startup()\n");

//Check if startup file exists or if it is a directory
//Bug is somewehre here!!!!
struct stat s;
printf("%s", path_to_file);
if(stat(path_to_file, &s) == 0) {
    if(s.st_mode & S_IFDIR) {
        //It's a directory
        path_is_directory = true;
        //Add the standard startup file name to the directory
        path = (unsigned char *) realloc(path, size_of_path + sizeof(STARTUP_FILE));
        if(path == NULL)
            error("Could not reallocate memory for variable path.\nIn startup()\n");
        //Put the strings together
        sprintf(path, "%s/%s", path_to_file, STARTUP_FILE);
    }
    else if(s.st_mode & S_IFREG) {
        //It's a file
        path_is_file = true;
        path = path_to_file;
    }//End else if
    else //Someting else. abort
        error("Given file is neither file or directory.\nIn startup()\n");
}
else //Error
    error("Error in looking up type of path.\nIn startup()\n");;


//Check if the startup file exists
fprintf(stderr, "%s\n", path);
if((startup_file = fopen(path, "r")) == NULL) {
    //File does not exist, create a basics one for the user to modify
    if((startup_file = fopen(path, "w+")) == NULL)
        error("Could not create the startup file.\n");
    //Write the standard text to the new file, so the user can modify it
    //sizeof(STARTUP_FILE_TEXT)-1 as gedit cries if there is a terminator at the end
    fwrite(STARTUP_FILE_TEXT, sizeof(STARTUP_FILE_TEXT[0]), sizeof(STARTUP_FILE_TEXT)-1, startup_file);
}//End outer if


//Read from the startup file and find out which tables and database are needed and may have to be created
//While loop will run although if file was just created, fix it
section current;
while(fgets(buffer, sizeof(buffer), startup_file) != NULL) {
    if(strcmp(buffer, "[DATABASES]")) {
        //Every line now should contain the name of dbs, until new section
        current = DATABASES;
    }
    else if(strcmp(buffer, "[TABLES]")) {
        //Every line now should contain the name of dbs, until new section
        current = TABLES;
    }
    else {
        //Read the lines and create the table or database
        //Ignore everything behind #
        //Just numbers and letters are allowed
        //Read one line and save it into buffer
        //What happens, if the line exceeds buffer length and is split into to?
        //Process every character, but do not exceed the buffers limit (also save one for the '\0' termiantor)
        for(i = 0; i < (sizeof(buffer)-1); i++) {
            //Allowed characters are: A-Z, a-z, 0-9, dash, underscore and space
            //Read until '\n' or '#' or if not allowed characters are used print error and do not use it
            c = buffer[i];
            if(isalnum(c) || (c == '-') || (c == '_') || (c == ' '))  {
                //Correct
                string[i] = c;
            }//End if
            else if(c == '\n' || c == '\0') {
                //End of line or end of string, not checking for EOF as fgets already does it \
                and it would requried the int data type
                break;
            }//End else if
            else {
                //Wrong, stop
                printf("Wrong character used in setup file.\nWrong characters was: %c\n", c);
                break;
            }//End else
        }//End for
        //Add terminator at the end
        string[i] = '\0';
        //Create table or database
        switch(current) {
            case DATABASES:
                create_db(string, sizeof(string));
                break;
            case TABLES:
                break;
            default:
                break;
        }//End switch

    }
}//End while

//Create db and then open the database as a specific user
//create_db();
con = open_db("user1", "passwd", "Vocables");

//Clean up
fclose(startup_file);
free(path);
return con;
}

Running in gdb I get:

    (gdb) run 8080 ~/Cloud/Decrypted/Porifera-Server/
Starting program: /home/linux/Cloud/Decrypted/Porifera-Server/bin/Debug/Porifera-Server 8080 ~/Cloud/Decrypted/Porifera-Server/
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
/home/linux/Cloud/Decrypted/Porifera-Server//startup.txt
*** Error in `/home/linux/Cloud/Decrypted/Porifera-Server/bin/Debug/Porifera-Server': free(): invalid next size (normal): 0x0000000000603030 ***
======= Backtrace: =========
/usr/lib/libc.so.6(+0x7198e)[0x7ffff6b0f98e]
/usr/lib/libc.so.6(+0x76dee)[0x7ffff6b14dee]
/usr/lib/libc.so.6(+0x775cb)[0x7ffff6b155cb]
/usr/lib/libc.so.6(+0x6893d)[0x7ffff6b0693d]
/home/linux/Cloud/Decrypted/Porifera-Server/bin/Debug/Porifera-Server[0x4016b8]
/home/linux/Cloud/Decrypted/Porifera-Server/bin/Debug/Porifera-Server[0x4012bc]
/usr/lib/libc.so.6(__libc_start_main+0xf0)[0x7ffff6abe800]
/home/linux/Cloud/Decrypted/Porifera-Server/bin/Debug/Porifera-Server[0x401089]
======= Memory map: ========
00400000-00403000 r-xp 00000000 00:24 261912                             /home/linux/Cloud/Decrypted/Porifera-Server/bin/Debug/Porifera-Server
00602000-00603000 rw-p 00002000 00:24 261912                             /home/linux/Cloud/Decrypted/Porifera-Server/bin/Debug/Porifera-Server
00603000-00624000 rw-p 00000000 00:00 0                                  [heap]
7ffff5f8a000-7ffff5fa2000 r-xp 00000000 08:03 1180623                    /usr/lib/libpthread-2.21.so
7ffff5fa2000-7ffff61a1000 ---p 00018000 08:03 1180623                    /usr/lib/libpthread-2.21.so
7ffff61a1000-7ffff61a2000 r--p 00017000 08:03 1180623                    /usr/lib/libpthread-2.21.so
7ffff61a2000-7ffff61a3000 rw-p 00018000 08:03 1180623                    /usr/lib/libpthread-2.21.so
7ffff61a3000-7ffff61a7000 rw-p 00000000 00:00 0 
7ffff61a7000-7ffff61a9000 r-xp 00000000 08:03 1180634                    /usr/lib/libdl-2.21.so
7ffff61a9000-7ffff63a9000 ---p 00002000 08:03 1180634                    /usr/lib/libdl-2.21.so
7ffff63a9000-7ffff63aa000 r--p 00002000 08:03 1180634                    /usr/lib/libdl-2.21.so
7ffff63aa000-7ffff63ab000 rw-p 00003000 08:03 1180634                    /usr/lib/libdl-2.21.so
7ffff63ab000-7ffff65f8000 r-xp 00000000 08:03 1226972                    /usr/lib/libcrypto.so.1.0.0
7ffff65f8000-7ffff67f7000 ---p 0024d000 08:03 1226972                    /usr/lib/libcrypto.so.1.0.0
7ffff67f7000-7ffff6815000 r--p 0024c000 08:03 1226972                    /usr/lib/libcrypto.so.1.0.0
7ffff6815000-7ffff6821000 rw-p 0026a000 08:03 1226972                    /usr/lib/libcrypto.so.1.0.0
7ffff6821000-7ffff6825000 rw-p 00000000 00:00 0 
7ffff6825000-7ffff6893000 r-xp 00000000 08:03 1226971                    /usr/lib/libssl.so.1.0.0
7ffff6893000-7ffff6a92000 ---p 0006e000 08:03 1226971                    /usr/lib/libssl.so.1.0.0
7ffff6a92000-7ffff6a97000 r--p 0006d000 08:03 1226971                    /usr/lib/libssl.so.1.0.0
7ffff6a97000-7ffff6a9e000 rw-p 00072000 08:03 1226971                    /usr/lib/libssl.so.1.0.0
7ffff6a9e000-7ffff6c37000 r-xp 00000000 08:03 1180590                    /usr/lib/libc-2.21.so
7ffff6c37000-7ffff6e37000 ---p 00199000 08:03 1180590                    /usr/lib/libc-2.21.so
7ffff6e37000-7ffff6e3b000 r--p 00199000 08:03 1180590                    /usr/lib/libc-2.21.so
7ffff6e3b000-7ffff6e3d000 rw-p 0019d000 08:03 1180590                    /usr/lib/libc-2.21.so
7ffff6e3d000-7ffff6e41000 rw-p 00000000 00:00 0 
7ffff6e41000-7ffff6e57000 r-xp 00000000 08:03 1180909                    /usr/lib/libgcc_s.so.1
7ffff6e57000-7ffff7056000 ---p 00016000 08:03 1180909                    /usr/lib/libgcc_s.so.1
7ffff7056000-7ffff7057000 rw-p 00015000 08:03 1180909                    /usr/lib/libgcc_s.so.1
7ffff7057000-7ffff715a000 r-xp 00000000 08:03 1180659                    /usr/lib/libm-2.21.so
7ffff715a000-7ffff735a000 ---p 00103000 08:03 1180659                    /usr/lib/libm-2.21.so
7ffff735a000-7ffff735b000 r--p 00103000 08:03 1180659                    /usr/lib/libm-2.21.so
7ffff735b000-7ffff735c000 rw-p 00104000 08:03 1180659                    /usr/lib/libm-2.21.so
7ffff735c000-7ffff744c000 r-xp 00000000 08:03 1180915                    /usr/lib/libstdc++.so.6.0.20
7ffff744c000-7ffff764c000 ---p 000f0000 08:03 1180915                    /usr/lib/libstdc++.so.6.0.20
7ffff764c000-7ffff7654000 r--p 000f0000 08:03 1180915                    /usr/lib/libstdc++.so.6.0.20
7ffff7654000-7ffff7656000 rw-p 000f8000 08:03 1180915                    /usr/lib/libstdc++.so.6.0.20
7ffff7656000-7ffff766b000 rw-p 00000000 00:00 0 
7ffff766b000-7ffff7680000 r-xp 00000000 08:03 1183894                    /usr/lib/libz.so.1.2.8
7ffff7680000-7ffff787f000 ---p 00015000 08:03 1183894                    /usr/lib/libz.so.1.2.8
7ffff787f000-7ffff7880000 r--p 00014000 08:03 1183894                    /usr/lib/libz.so.1.2.8
7ffff7880000-7ffff7881000 rw-p 00015000 08:03 1183894                    /usr/lib/libz.so.1.2.8
7ffff7881000-7ffff7b67000 r-xp 00000000 08:03 1223645                    /usr/lib/libmysqlclient.so.18.0.0
7ffff7b67000-7ffff7d67000 ---p 002e6000 08:03 1223645                    /usr/lib/libmysqlclient.so.18.0.0
7ffff7d67000-7ffff7d6e000 r--p 002e6000 08:03 1223645                    /usr/lib/libmysqlclient.so.18.0.0
7ffff7d6e000-7ffff7dd2000 rw-p 002ed000 08:03 1223645                    /usr/lib/libmysqlclient.so.18.0.0
7ffff7dd2000-7ffff7ddb000 rw-p 00000000 00:00 0 
7ffff7ddb000-7ffff7dfd000 r-xp 00000000 08:03 1180654                    /usr/lib/ld-2.21.so
7ffff7fc3000-7ffff7fcb000 rw-p 00000000 00:00 0 
7ffff7ff6000-7ffff7ff8000 rw-p 00000000 00:00 0 
7ffff7ff8000-7ffff7ffa000 r--p 00000000 00:00 0                          [vvar]
7ffff7ffa000-7ffff7ffc000 r-xp 00000000 00:00 0                          [vdso]
7ffff7ffc000-7ffff7ffd000 r--p 00021000 08:03 1180654                    /usr/lib/ld-2.21.so
7ffff7ffd000-7ffff7ffe000 rw-p 00022000 08:03 1180654                    /usr/lib/ld-2.21.so
7ffff7ffe000-7ffff7fff000 rw-p 00000000 00:00 0 
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0                          [stack]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
/home/linux/Cloud/Decrypted/Porifera-Server/
Program received signal SIGABRT, Aborted.
0x00007ffff6ad14b7 in raise () from /usr/lib/libc.so.6

When executing single lines in gdb you get short before the error occurs:

    26              path_is_directory = true;
(gdb) n
28              path = (unsigned char *) realloc(path, size_of_path + sizeof(STARTUP_FILE));
(gdb) n
29              if(path == NULL)
(gdb) n
32              sprintf(path, "%s/%s", path_to_file, STARTUP_FILE);
(gdb) n
51      fprintf(stderr, "%s\n", path);
(gdb) n
/home/linux/Cloud/Decrypted/Porifera-Server//startup.txt
52      if((startup_file = fopen(path, "r")) == NULL) {
(gdb) n

When I execute the next line after line 52 the problem occurs.

Using 'valgrind --leak-check=yes ./Porifera-Server 8080 ~/Cloud/Decrypted/Porifera-Server' it actually runs correctly. But with a blameful list of "errors":

    [linux@linux Debug]$ valgrind --leak-check=yes ./Porifera-Server 8080 ~/Cloud/Decrypted/Porifera-Server
==17917== Memcheck, a memory error detector
==17917== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==17917== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==17917== Command: ./Porifera-Server 8080 /home/linux/Cloud/Decrypted/Porifera-Server
==17917== 
==17917== Invalid write of size 8
==17917==    at 0x5E53E04: __GI_mempcpy (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E44BDD: _IO_default_xsputn (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E18C61: vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E3AC2A: vsprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E1F266: sprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x401647: startup (server_func.c:32)
==17917==    by 0x4012BB: main (server.c:23)
==17917==  Address 0x6c8709e is 14 bytes inside a block of size 20 alloc'd
==17917==    at 0x4C2C29E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17917==    by 0x40160B: startup (server_func.c:28)
==17917==    by 0x4012BB: main (server.c:23)
==17917== 
==17917== Invalid write of size 8
==17917==    at 0x5E53E08: __GI_mempcpy (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E44BDD: _IO_default_xsputn (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E18C61: vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E3AC2A: vsprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E1F266: sprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x401647: startup (server_func.c:32)
==17917==    by 0x4012BB: main (server.c:23)
==17917==  Address 0x6c870a6 is 2 bytes after a block of size 20 alloc'd
==17917==    at 0x4C2C29E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17917==    by 0x40160B: startup (server_func.c:28)
==17917==    by 0x4012BB: main (server.c:23)
==17917== 
==17917== Invalid write of size 8
==17917==    at 0x5E53E0C: __GI_mempcpy (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E44BDD: _IO_default_xsputn (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E18C61: vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E3AC2A: vsprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E1F266: sprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x401647: startup (server_func.c:32)
==17917==    by 0x4012BB: main (server.c:23)
==17917==  Address 0x6c870ae is 10 bytes after a block of size 20 alloc'd
==17917==    at 0x4C2C29E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17917==    by 0x40160B: startup (server_func.c:28)
==17917==    by 0x4012BB: main (server.c:23)
==17917== 
==17917== Invalid write of size 1
==17917==    at 0x5E53D3E: __GI_mempcpy (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E44BDD: _IO_default_xsputn (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E18C61: vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E3AC2A: vsprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E1F266: sprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x401647: startup (server_func.c:32)
==17917==    by 0x4012BB: main (server.c:23)
==17917==  Address 0x6c870b6 is 18 bytes after a block of size 20 alloc'd
==17917==    at 0x4C2C29E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17917==    by 0x40160B: startup (server_func.c:28)
==17917==    by 0x4012BB: main (server.c:23)
==17917== 
==17917== Invalid write of size 4
==17917==    at 0x5E53D60: __GI_mempcpy (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E44BDD: _IO_default_xsputn (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E18C61: vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E3AC2A: vsprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E1F266: sprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x401647: startup (server_func.c:32)
==17917==    by 0x4012BB: main (server.c:23)
==17917==  Address 0x6c870b7 is 19 bytes after a block of size 20 alloc'd
==17917==    at 0x4C2C29E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17917==    by 0x40160B: startup (server_func.c:28)
==17917==    by 0x4012BB: main (server.c:23)
==17917== 
==17917== Invalid write of size 1
==17917==    at 0x5E44B8D: _IO_default_xsputn (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E17F1D: vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E3AC2A: vsprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E1F266: sprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x401647: startup (server_func.c:32)
==17917==    by 0x4012BB: main (server.c:23)
==17917==  Address 0x6c870bb is 23 bytes after a block of size 20 alloc'd
==17917==    at 0x4C2C29E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17917==    by 0x40160B: startup (server_func.c:28)
==17917==    by 0x4012BB: main (server.c:23)
==17917== 
==17917== Invalid write of size 1
==17917==    at 0x5E44B8D: _IO_default_xsputn (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E18C61: vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E3AC2A: vsprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E1F266: sprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x401647: startup (server_func.c:32)
==17917==    by 0x4012BB: main (server.c:23)
==17917==  Address 0x6c870bc is 12 bytes after a block of size 32 in arena "client"
==17917== 
==17917== Invalid write of size 1
==17917==    at 0x5E3AC39: vsprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E1F266: sprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x401647: startup (server_func.c:32)
==17917==    by 0x4012BB: main (server.c:23)
==17917==  Address 0x6c870c7 is 23 bytes after a block of size 32 in arena "client"
==17917== 
==17917== Invalid read of size 1
==17917==    at 0x5E18CA2: vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E19960: buffered_vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E145D4: vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E1F096: fprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x4016A6: startup (server_func.c:51)
==17917==    by 0x4012BB: main (server.c:23)
==17917==  Address 0x6c870a4 is 0 bytes after a block of size 20 alloc'd
==17917==    at 0x4C2C29E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17917==    by 0x40160B: startup (server_func.c:28)
==17917==    by 0x4012BB: main (server.c:23)
==17917== 
==17917== Invalid read of size 8
==17917==    at 0x5E53DF9: __GI_mempcpy (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E44BDD: _IO_default_xsputn (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E18C61: vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E19960: buffered_vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E145D4: vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E1F096: fprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x4016A6: startup (server_func.c:51)
==17917==    by 0x4012BB: main (server.c:23)
==17917==  Address 0x6c870a0 is 16 bytes inside a block of size 20 alloc'd
==17917==    at 0x4C2C29E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17917==    by 0x40160B: startup (server_func.c:28)
==17917==    by 0x4012BB: main (server.c:23)
==17917== 
==17917== Invalid read of size 8
==17917==    at 0x5E53DFD: __GI_mempcpy (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E44BDD: _IO_default_xsputn (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E18C61: vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E19960: buffered_vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E145D4: vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E1F096: fprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x4016A6: startup (server_func.c:51)
==17917==    by 0x4012BB: main (server.c:23)
==17917==  Address 0x6c870a8 is 4 bytes after a block of size 20 alloc'd
==17917==    at 0x4C2C29E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17917==    by 0x40160B: startup (server_func.c:28)
==17917==    by 0x4012BB: main (server.c:23)
==17917== 
==17917== Invalid read of size 1
==17917==    at 0x5E53D3B: __GI_mempcpy (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E44BDD: _IO_default_xsputn (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E18C61: vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E19960: buffered_vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E145D4: vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E1F096: fprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x4016A6: startup (server_func.c:51)
==17917==    by 0x4012BB: main (server.c:23)
==17917==  Address 0x6c870b0 is 12 bytes after a block of size 20 alloc'd
==17917==    at 0x4C2C29E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17917==    by 0x40160B: startup (server_func.c:28)
==17917==    by 0x4012BB: main (server.c:23)
==17917== 
==17917== Invalid read of size 2
==17917==    at 0x5E53D4B: __GI_mempcpy (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E44BDD: _IO_default_xsputn (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E18C61: vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E19960: buffered_vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E145D4: vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E1F096: fprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x4016A6: startup (server_func.c:51)
==17917==    by 0x4012BB: main (server.c:23)
==17917==  Address 0x6c870b1 is 13 bytes after a block of size 20 alloc'd
==17917==    at 0x4C2C29E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17917==    by 0x40160B: startup (server_func.c:28)
==17917==    by 0x4012BB: main (server.c:23)
==17917== 
==17917== Invalid read of size 4
==17917==    at 0x5E53D5E: __GI_mempcpy (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E44BDD: _IO_default_xsputn (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E18C61: vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E19960: buffered_vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E145D4: vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E1F096: fprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x4016A6: startup (server_func.c:51)
==17917==    by 0x4012BB: main (server.c:23)
==17917==  Address 0x6c870b3 is 15 bytes after a block of size 20 alloc'd
==17917==    at 0x4C2C29E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17917==    by 0x40160B: startup (server_func.c:28)
==17917==    by 0x4012BB: main (server.c:23)
==17917== 
==17917== Invalid read of size 8
==17917==    at 0x5E53D90: __GI_mempcpy (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E44BDD: _IO_default_xsputn (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E18C61: vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E19960: buffered_vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E145D4: vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E1F096: fprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x4016A6: startup (server_func.c:51)
==17917==    by 0x4012BB: main (server.c:23)
==17917==  Address 0x6c870b7 is 19 bytes after a block of size 20 alloc'd
==17917==    at 0x4C2C29E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17917==    by 0x40160B: startup (server_func.c:28)
==17917==    by 0x4012BB: main (server.c:23)
==17917== 
==17917== Invalid read of size 8
==17917==    at 0x5E53D93: __GI_mempcpy (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E44BDD: _IO_default_xsputn (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E18C61: vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E19960: buffered_vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E145D4: vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E1F096: fprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x4016A6: startup (server_func.c:51)
==17917==    by 0x4012BB: main (server.c:23)
==17917==  Address 0x6c870bf is 15 bytes after a block of size 32 in arena "client"
==17917== 
/home/linux/Cloud/Decrypted/Porifera-Server/startup.txt
==17917== Syscall param open(filename) points to unaddressable byte(s)
==17917==    at 0x5EAB2E0: __open_nocancel (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E43524: _IO_file_open (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E4366F: _IO_file_fopen@@GLIBC_2.2.5 (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E38913: __fopen_internal (in /usr/lib/libc-2.21.so)
==17917==    by 0x4016B7: startup (server_func.c:52)
==17917==    by 0x4012BB: main (server.c:23)
==17917==  Address 0x6c870a4 is 0 bytes after a block of size 20 alloc'd
==17917==    at 0x4C2C29E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17917==    by 0x40160B: startup (server_func.c:28)
==17917==    by 0x4012BB: main (server.c:23)
==17917== 
/home/linux/Cloud/Decrypted/Porifera-Server
IPv4 TCP Server started...
Incoming connection from client having IPv4 address: 127.0.0.1
Message from client: Hello
Value is: 4
==17917== 
==17917== HEAP SUMMARY:
==17917==     in use at exit: 65,928 bytes in 19 blocks
==17917==   total heap usage: 77 allocs, 58 frees, 124,873 bytes allocated
==17917== 
==17917== 32 bytes in 1 blocks are possibly lost in loss record 1 of 7
==17917==    at 0x4C29F90: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17917==    by 0x4E98839: my_malloc (in /usr/lib/libmysqlclient.so.18.0.0)
==17917==    by 0x4E94B63: ??? (in /usr/lib/libmysqlclient.so.18.0.0)
==17917==    by 0x4E57244: mysql_server_init (in /usr/lib/libmysqlclient.so.18.0.0)
==17917==    by 0x4E5DC76: mysql_init (in /usr/lib/libmysqlclient.so.18.0.0)
==17917==    by 0x401B0B: open_db (vocable_trainer.c:48)
==17917==    by 0x401858: startup (server_func.c:118)
==17917==    by 0x4012BB: main (server.c:23)
==17917== 
==17917== 160 bytes in 1 blocks are possibly lost in loss record 2 of 7
==17917==    at 0x4C29F90: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17917==    by 0x4E98839: my_malloc (in /usr/lib/libmysqlclient.so.18.0.0)
==17917==    by 0x4E93D49: ??? (in /usr/lib/libmysqlclient.so.18.0.0)
==17917==    by 0x4E69A9D: ??? (in /usr/lib/libmysqlclient.so.18.0.0)
==17917==    by 0x4E5724B: mysql_server_init (in /usr/lib/libmysqlclient.so.18.0.0)
==17917==    by 0x4E5DC76: mysql_init (in /usr/lib/libmysqlclient.so.18.0.0)
==17917==    by 0x401B0B: open_db (vocable_trainer.c:48)
==17917==    by 0x401858: startup (server_func.c:118)
==17917==    by 0x4012BB: main (server.c:23)
==17917== 
==17917== LEAK SUMMARY:
==17917==    definitely lost: 0 bytes in 0 blocks
==17917==    indirectly lost: 0 bytes in 0 blocks
==17917==      possibly lost: 192 bytes in 2 blocks
==17917==    still reachable: 65,736 bytes in 17 blocks
==17917==         suppressed: 0 bytes in 0 blocks
==17917== Reachable blocks (those to which a pointer was found) are not shown.
==17917== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==17917== 
==17917== For counts of detected and suppressed errors, rerun with: -v
==17917== ERROR SUMMARY: 64 errors from 19 contexts (suppressed: 0 from 0)

I just can't find it; other people with a similar error had either an '\n' in the path to the file for the fopen function or had not initialised a ptr but tried to free it. I have not touched any ptr-free function since last time it worked and I have currently not found a ptr that is causing this problem.

Answer

nos picture nos · Mar 6, 2015

When you encounter errors, start with the 1. one , it might be the cause of the following errors.

==17917== Invalid write of size 8
==17917==    at 0x5E53E04: __GI_mempcpy (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E44BDD: _IO_default_xsputn (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E18C61: vfprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E3AC2A: vsprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x5E1F266: sprintf (in /usr/lib/libc-2.21.so)
==17917==    by 0x401647: startup (server_func.c:32)
==17917==    by 0x4012BB: main (server.c:23)
==17917==  Address 0x6c8709e is 14 bytes inside a block of size 20 alloc'd
==17917==    at 0x4C2C29E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17917==    by 0x40160B: startup (server_func.c:28)
==17917==    by 0x4012BB: main (server.c:23)

In this stack trace, the interresting pieces is the code of your program, as we can assume the code in the runtime/standard library to work.

Valgrind tells you 2 things here:

  1. You're accessing memory you're not supposed to (Invalid write of size 8), in the startup function in the file server_func.c at line 32
  2. The memory you're accessing is 14 bytes past a buffer of 20 bytes that you allocated at server_func.c line 28

Line 28: path = (unsigned char *) realloc(path, size_of_path + sizeof(STARTUP_FILE));

Line 32: sprintf(path, "%s/%s", path_to_file, STARTUP_FILE);

So on line 28 you don't allocate room for the "/" separator, and possibly not the nul terminator.

You also need to ensure size_of_path is correct, and that sizeof(STARTUP_FILE) gives you the correct size, which it will if STARTUP_FILE is a char array, but it'll be wrong if it's a char pointer. Perhaps you need to use strlen(STARTUP_FILE)

Assuming size_of_path is correct, you might need to calculate the buffer size as size_of_path + strlen(STARTUP_FILE) + 2